437 matches found
CVE-2019-7620
Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding...
CVE-2019-7612
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message...
GHSA-84H7-RJJ3-6JX4 vulnerabilities
Vulnerabilities for packages: opensearch, flyway, apache-activemq-artemis, druid, wildfly, zipkin, thingsboard, apicurio-registry, management-api-for-apache-cassandra-5.0, celeborn, kserve-modelmesh, logstash, tez, docker-selenium, keycloak, logstash-input-http, akhq, spark, apache-nifi,...
CVE-2025-67735 vulnerabilities
Vulnerabilities for packages: opensearch, flyway, apache-activemq-artemis, druid, wildfly, zipkin, thingsboard, apicurio-registry, management-api-for-apache-cassandra-5.0, celeborn, kserve-modelmesh, logstash, tez, docker-selenium, keycloak, logstash-input-http, akhq, spark, apache-nifi,...
CVE-2025-67735 vulnerabilities
Vulnerabilities for packages: apache-pulsar, thingsboard, sonarqube, apache-hop, camunda-zeebe, seata, localstack, management-api-for-apache-cassandra-4.1, tez, keycloak, opensearch-fips, logstash, kayenta-fips, hadoop-fips, management-api-for-apache-cassandra-4.0, neo4j, apicurio-registry,...
GHSA-84H7-RJJ3-6JX4 vulnerabilities
Vulnerabilities for packages: apache-pulsar, thingsboard, sonarqube, apache-hop, camunda-zeebe, seata, localstack, management-api-for-apache-cassandra-4.1, tez, keycloak, opensearch-fips, logstash, kayenta-fips, hadoop-fips, management-api-for-apache-cassandra-4.0, neo4j, apicurio-registry,...
CVE-2025-34274
Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...
EUVD-2025-37221
Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...
CVE-2025-34274
Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...
CVE-2025-34274
Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...
CVE-2025-34274
Nagios Log Server (pre-2024R2.0.3) contains an execution with unnecessary privileges due to embedding a Logstash process running as root. If an attacker compromises Logstash (e.g., via insecure plugins, pipeline config injection, or input parsing vulnerabilities), they could execute code with roo...
CVE-2025-34274 Nagios Log Server < 2024R2.0.3 Logstash Process Root Privileges
Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...
CVE-2025-34274 Nagios Log Server < 2024R2.0.3 Logstash Process Root Privileges
Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...
PT-2025-44517
Name of the Vulnerable Software and Affected Versions Nagios Log Server versions prior to 2024R2.0.3 Description The software runs its embedded Logstash process as the root user, leading to a situation where an attacker compromising the Logstash process could execute code with root privileges,...
Nagios Log Server 安全漏洞
Nagios Log Server is a suite of centralized log management, monitoring, and analysis software from Nagios, Inc. A security vulnerability exists in Nagios Log Server versions prior to 2024R2.0.3, which stems from the embedded Logstash process running as root user, which could lead to an attacker...
GHSA-MR3Q-G2MV-MR4Q vulnerabilities
Vulnerabilities for packages: logstash...
CVE-2025-61921 vulnerabilities
Vulnerabilities for packages: logstash...
CVE-2025-61921 vulnerabilities
Vulnerabilities for packages: gitlab-cng, logstash...
GHSA-MR3Q-G2MV-MR4Q vulnerabilities
Vulnerabilities for packages: gitlab-cng, logstash...
EUVD-2019-17149
Malware in sbrugna...